1 /* packet-omapi.c
2 * ISC OMAPI (Object Management API) dissector
3 * Copyright 2006, Jaap Keuter <jaap.keuter@xs4all.nl>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /*
13 * From the description api+protocol.
14 * All fields are 32 bit unless stated otherwise.
15 *
16 * On startup, each side sends a status message indicating what version
17 * of the protocol they are speaking. The status message looks like this:
18 * +---------+---------+
19 * | version | hlength |
20 * +---------+---------+
21 *
22 * The fixed-length header consists of:
23 * +--------+----+--------+----+-----+---------+------------+------------+-----+
24 * | authid | op | handle | id | rid | authlen | msg values | obj values | sig |
25 * +--------+----+--------+----+-----+---------+------v-----+-----v------+--v--+
26 * NOTE: real life capture shows order to be: authid, authlen, opcode, handle...
27 *
28 * The message and object values consist of:
29 * +---------+------+----------+-------+
30 * | namelen | name | valuelen | value |
31 * +---16b---+--v---+----------+---v---+
32 */
33
34 #include "config.h"
35
36 #include <epan/packet.h>
37 #include <epan/ptvcursor.h>
38
/* Registration entry points; defined further down in this file. */
void proto_register_omapi(void);
void proto_reg_handoff_omapi(void);

/* Protocol handle, assigned by proto_register_omapi(). */
static int proto_omapi = -1;

/* Startup (status) message fields. */
static int hf_omapi_version = -1;
static int hf_omapi_hlength = -1;

/* Message header fields, 32 bit each. */
static int hf_omapi_auth_id = -1;
static int hf_omapi_auth_len = -1;
static int hf_omapi_opcode = -1;
static int hf_omapi_handle = -1;
static int hf_omapi_id = -1;
static int hf_omapi_rid = -1;

/* Message name/value pairs; the name length is the only 16 bit field. */
static int hf_omapi_msg_name_len = -1;
static int hf_omapi_msg_name = -1;
static int hf_omapi_msg_value_len = -1;
static int hf_omapi_msg_value = -1;

/* Object name/value pairs; again only the name length is 16 bit. */
static int hf_omapi_obj_name_len = -1;
static int hf_omapi_obj_name = -1;
static int hf_omapi_obj_value_len = -1;
static int hf_omapi_obj_value = -1;

/* Trailing signature; its size is taken from the authentication length field. */
static int hf_omapi_signature = -1;

/* Generated from convert_proto_tree_add_text.pl */
static int hf_omapi_empty_string = -1;
static int hf_omapi_object_end_tag = -1;
static int hf_omapi_message_end_tag = -1;
static int hf_omapi_no_value = -1;

/* Subtree handle for the protocol's top-level tree item. */
static gint ett_omapi = -1;
68
/* Default TCP port for OMAPI. Not IANA registered. */
#define OMAPI_PORT              7911

/* Opcode values carried in the 32 bit opcode field of the message header. */
#define OP_OPEN                 1
#define OP_REFRESH              2
#define OP_UPDATE               3
#define OP_NOTIFY               4
#define OP_ERROR                5
#define OP_DELETE               6
#define OP_NOTIFY_CANCEL        7
#define OP_NOTIFY_CANCELLED     8

/* Display names for the opcodes; the { 0, NULL } entry terminates the table. */
static const value_string omapi_opcode_vals[] = {
  { OP_OPEN,             "Open" },
  { OP_REFRESH,          "Refresh" },
  { OP_UPDATE,           "Update" },
  { OP_NOTIFY,           "Notify" },
  { OP_ERROR,            "Error" },
  { OP_DELETE,           "Delete" },
  { OP_NOTIFY_CANCEL,    "Notify cancel" },
  { OP_NOTIFY_CANCELLED, "Notify cancelled" },
  { 0,                   NULL }
};
91
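/*
 * Walk one name/value list (the message values or the object values) up to,
 * but not including, its 16 bit zero terminator.
 *
 * Every length here comes straight from the packet and is untrusted. The loop
 * has no bound of its own: each pass consumes at least 2 + name + 4 bytes, and
 * the tvbuff/ptvcursor accessors throw once the cursor runs past the data, so
 * that exception is what ends the walk on a malformed list.
 *
 * value_encoding is the encoding used for the value item only; names are
 * always added as ASCII.
 */
static void
dissect_omapi_value_list(ptvcursor_t *cursor, proto_tree *omapi_tree, tvbuff_t *tvb,
                         int hf_name_len, int hf_name,
                         int hf_value_len, int hf_value, guint value_encoding)
{
  guint32 length;

  /* Peek at the 16 bit name length; zero marks the end of the list. */
  length = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
  while (length)
  {
    ptvcursor_add(cursor, hf_name_len, 2, ENC_BIG_ENDIAN);
    ptvcursor_add(cursor, hf_name, length, ENC_ASCII|ENC_NA);

    /* The same variable now holds the 32 bit value length. */
    length = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
    ptvcursor_add(cursor, hf_value_len, 4, ENC_BIG_ENDIAN);

    if (length == 0)
    {
      /* Marker item only: offset 0, length 0, so it highlights no bytes. */
      proto_tree_add_item(omapi_tree, hf_omapi_empty_string, tvb, 0, 0, ENC_NA);
    }
    else if (length == (guint32)~0)
    {
      /*
       * All ones means "no value". It must be caught here: narrowed to gint
       * it would be -1, which the add routines read as "to end of buffer".
       */
      proto_tree_add_item(omapi_tree, hf_omapi_no_value, tvb, 0, 0, ENC_NA);
    }
    else
    {
      ptvcursor_add(cursor, hf_value, length, value_encoding);
    }

    /* Peek at the next name length. */
    length = tvb_get_ntohs(tvb, ptvcursor_current_offset(cursor));
  }
}

/*
 * Dissect one OMAPI PDU from a TCP payload.
 *
 * Returns 0 (not OMAPI) when fewer than 8 bytes are reported, 8 when the
 * payload is shorter than 24 bytes and is therefore shown as a bare startup
 * (status) message, and the captured length of the tvb otherwise.
 *
 * There is no validation beyond those length checks, so whatever arrives on
 * the registered port is decoded as OMAPI. All lengths are read from the wire
 * and bounded only by the tvbuff exceptions.
 */
static int
dissect_omapi(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
  proto_item  *ti;
  proto_tree  *omapi_tree;
  ptvcursor_t *cursor;

  guint32      authlength;
  guint32      opcode;
  const gchar *opcode_str;

  /* Payload too small for OMAPI */
  if (tvb_reported_length_remaining(tvb, 0) < 8)
    return 0;

  col_set_str(pinfo->cinfo, COL_PROTOCOL, "OMAPI");

  col_clear(pinfo->cinfo, COL_INFO);

  ti = proto_tree_add_item(tree, proto_omapi, tvb, 0, -1, ENC_NA);
  omapi_tree = proto_item_add_subtree(ti, ett_omapi);
  /* Allocated from pinfo->pool; the exception paths below never reach ptvcursor_free(). */
  cursor = ptvcursor_new(pinfo->pool, omapi_tree, tvb, 0);

  if (tvb_reported_length_remaining(tvb, 0) < 24)
  {
    /* This is a startup message */
    ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
    ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);

    col_set_str(pinfo->cinfo, COL_INFO, "Status message");
    proto_item_append_text(ti, ", Status message");

    ptvcursor_free(cursor);
    return 8;
  }
  else if ( !(tvb_get_ntohl(tvb, 8) || tvb_get_ntohl(tvb, 12)) )
  {
    /*
     * This is a startup message, and more: the words at offsets 8 and 12 are
     * both zero, which is taken to mean a message header starts at offset 8.
     */
    ptvcursor_add(cursor, hf_omapi_version, 4, ENC_BIG_ENDIAN);
    ptvcursor_add(cursor, hf_omapi_hlength, 4, ENC_BIG_ENDIAN);

    col_append_str(pinfo->cinfo, COL_INFO, "Status message");

    proto_item_append_text(ti, ", Status message");
  }

  ptvcursor_add(cursor, hf_omapi_auth_id, 4, ENC_BIG_ENDIAN);
  /* Kept for the end of the PDU, where it sizes the signature. */
  authlength = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
  ptvcursor_add(cursor, hf_omapi_auth_len, 4, ENC_BIG_ENDIAN);

  /* Read and format the opcode once; the column and the tree item share the text. */
  opcode = tvb_get_ntohl(tvb, ptvcursor_current_offset(cursor));
  opcode_str = val_to_str(opcode, omapi_opcode_vals, "Unknown opcode (0x%04x)");

  col_append_sep_str(pinfo->cinfo, COL_INFO, NULL, opcode_str);

  proto_item_append_text(ti, ", Opcode: %s", opcode_str);

  ptvcursor_add(cursor, hf_omapi_opcode, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_handle, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_id, 4, ENC_BIG_ENDIAN);
  ptvcursor_add(cursor, hf_omapi_rid, 4, ENC_BIG_ENDIAN);

  /* Message values are shown as ASCII strings. */
  dissect_omapi_value_list(cursor, omapi_tree, tvb,
                           hf_omapi_msg_name_len, hf_omapi_msg_name,
                           hf_omapi_msg_value_len, hf_omapi_msg_value,
                           ENC_ASCII|ENC_NA);

  ptvcursor_add(cursor, hf_omapi_message_end_tag, 2, ENC_NA);

  /* Object values are shown as raw bytes. */
  dissect_omapi_value_list(cursor, omapi_tree, tvb,
                           hf_omapi_obj_name_len, hf_omapi_obj_name,
                           hf_omapi_obj_value_len, hf_omapi_obj_value,
                           ENC_NA);

  ptvcursor_add(cursor, hf_omapi_object_end_tag, 2, ENC_NA);

  if (authlength > 0) {
    /*
     * authlength is an untrusted 32 bit wire value that gets narrowed to gint.
     * 0xFFFFFFFF would become -1, which ptvcursor_add() reads as "rest of the
     * buffer", so a bogus length would be shown as a valid signature.
     * tvb_ensure_bytes_exist() treats any negative length as out of bounds,
     * so such a packet is reported as malformed instead.
     */
    tvb_ensure_bytes_exist(tvb, ptvcursor_current_offset(cursor), (gint)authlength);
    ptvcursor_add(cursor, hf_omapi_signature, authlength, ENC_NA);
  }

  ptvcursor_free(cursor);
  return tvb_captured_length(tvb);
}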
212
/*
 * Register the OMAPI protocol, its header fields and its subtree with the
 * dissection engine. The filter names below are matched by display filters,
 * so they are kept exactly as they were.
 */
void
proto_register_omapi(void)
{
  static hf_register_info hf[] = {
    /* Startup (status) message */
    { &hf_omapi_version,
      { "Version", "omapi.version", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_hlength,
      { "Header length", "omapi.hlength", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    /* Message header */
    { &hf_omapi_auth_id,
      { "Authentication ID", "omapi.authid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_auth_len,
      { "Authentication length", "omapi.authlength", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_opcode,
      { "Opcode", "omapi.opcode", FT_UINT32, BASE_DEC, VALS(omapi_opcode_vals), 0x0, NULL, HFILL }},
    { &hf_omapi_handle,
      { "Handle", "omapi.handle", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_id,
      { "ID", "omapi.id", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_rid,
      { "Response ID", "omapi.rid", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},

    /* Message name/value pairs */
    { &hf_omapi_msg_name_len,
      { "Message name length", "omapi.msg_name_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_name,
      { "Message name", "omapi.msg_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_value_len,
      { "Message value length", "omapi.msg_value_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_msg_value,
      { "Message value", "omapi.msg_value", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Object name/value pairs; note the value length uses an "object_" prefix, unlike its siblings */
    { &hf_omapi_obj_name_len,
      { "Object name length", "omapi.obj_name_length", FT_UINT16, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_name,
      { "Object name", "omapi.obj_name", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_value_len,
      { "Object value length", "omapi.object_value_length", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_obj_value,
      { "Object value", "omapi.obj_value", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Trailing signature */
    { &hf_omapi_signature,
      { "Signature", "omapi.signature", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},

    /* Generated from convert_proto_tree_add_text.pl */
    { &hf_omapi_empty_string,
      { "Empty string", "omapi.empty_string", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_no_value,
      { "No value", "omapi.no_value", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_message_end_tag,
      { "Message end tag", "omapi.message_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
    { &hf_omapi_object_end_tag,
      { "Object end tag", "omapi.object_end_tag", FT_NONE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
  };

  static gint *ett[] = { &ett_omapi };

  /* The protocol must be registered first: its handle owns the field array. */
  proto_omapi = proto_register_protocol("ISC Object Management API", "OMAPI", "omapi");
  proto_register_field_array(proto_omapi, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}
302
/*
 * Attach the OMAPI dissector to TCP port OMAPI_PORT. The port is registered
 * through the "with preference" variant, so it is a default, not a fixed value.
 * dissect_omapi() rejects only payloads shorter than 8 bytes, so any other
 * traffic on that port is decoded as OMAPI.
 */
void
proto_reg_handoff_omapi(void)
{
  dissector_handle_t omapi_handle = create_dissector_handle(dissect_omapi, proto_omapi);

  dissector_add_uint_with_preference("tcp.port", OMAPI_PORT, omapi_handle);
}
311
312 /*
313 * Editor modelines - https://www.wireshark.org/tools/modelines.html
314 *
315 * Local Variables:
316 * c-basic-offset: 2
317 * tab-width: 8
318 * indent-tabs-mode: nil
319 * End:
320 *
321 * ex: set shiftwidth=2 tabstop=8 expandtab:
322 * :indentSize=2:tabSize=8:noTabs=true:
323 */
324